From: Timo Schoeler
Date: Thu, 03 Dec 2009 16:04:59 +0100
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-09:16.rtld
Message-ID: <4B17D39B.5030204@riscworks.net>
In-Reply-To: <200912031455.nB3EtriT031315@catflap.bishopston.net>

thus Jamie Landeg Jones spake:
>> Sorry, this might seem a stupid question, but...
>> In several places I read that FreeBSD 6.x is NOT affected; however, I
>> heard some people discussing how to apply the patch to such systems.
>> So, I'd like to know for sure: is 6.x affected? Is another patch on the
>> way for it?
>>
>> bye & Thanks
>> av.

So, what would be 'best of practice' to apply the patch to 6.3-RELEASE
upwards -- is the FreeBSD-7 patch applicable or should one wait for an
official announcement?

Best,

Timo

> The change that introduced the bug was made as follows:
>
> | Revision 1.124: download - view: text, markup, annotated - select for diffs
> | Thu May 17 18:00:27 2007 UTC (2 years, 6 months ago) by csjp
> | Branches: MAIN
> | CVS tags: RELENG_7_BP, RELENG_7_0_BP, RELENG_7_0_0_RELEASE, RELENG_7_0
> | Branch point for: RELENG_7
> | Diff to: previous 1.123: preferred, colored
> | Changes since revision 1.123: +20 -10 lines
> |
> | In the event a process is tainted (setuid/setgid binaries), un-set any
> | potentially dangerous environment variables all together. It should be
> | noted that the run-time linker will not honor these environment variables
> | if the process is tainted currently. However, once a child of the tainted
> | process calls setuid(2), its status as being tainted (as defined by
> | issetugid(2)) will be removed. This could be problematic because
> | subsequent activations of the run-time linker could honor these
> | dangerous variables.
> |
> | This is more of an anti foot-shot mechanism, there is nothing I am
> | aware of in base that does this, however there may be third party
> | utilities which do, and there is no real negative impact of clearing
> | these environment variables.
> |
> | Discussed on: secteam
> | Reviewed by: cperciva
> | PR: kern/109836
> | MFC after: 2 weeks
>
> This was also MFC'd into 6.3 onwards:
>
> | Revision 1.106.2.7: download - view: text, markup, annotated - select for diffs
> | Sat Jul 14 19:04:00 2007 UTC (2 years, 4 months ago) by csjp
> | Branches: RELENG_6
> | CVS tags: RELENG_6_4_BP, RELENG_6_3_BP, RELENG_6_3_0_RELEASE, RELENG_6_3
> | Branch point for: RELENG_6_4
> | Diff to: previous 1.106.2.6: preferred, colored; branchpoint 1.106: preferred, colored; next MAIN 1.107: preferred, colored
> | Changes since revision 1.106.2.6: +20 -10 lines
> |
> | MFC rtld.c revision 1.124
> |
> | Unset potentially harmful environment variables.
> |
> | Discussed on: secteam
> | PR: kern/109836
>
>
> So, yes, FreeBSD 6.3-RELEASE upwards are affected - FreeBSD 6.2 isn't.
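
The scrubbing step that the quoted commit log describes, sketched as an added example (not part of the original message and not the rtld.c code): a tainted process removes run-time linker variables before a child can inherit them, and refuses to continue unless each removal is confirmed. The variable list, the function names and the `tainted` parameter (standing in for issetugid(2)) are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* Illustrative list (an assumption), not copied from rtld.c. */
static const char *const dangerous_vars[] = {
    "LD_PRELOAD", "LD_LIBRARY_PATH", NULL
};

/* Count environ entries of the form NAME=...; catches duplicates too. */
static int env_count(const char *name)
{
    size_t n = strlen(name);
    int hits = 0;
    for (char **e = environ; e != NULL && *e != NULL; e++)
        if (strncmp(*e, name, n) == 0 && (*e)[n] == '=')
            hits++;
    return hits;
}

/*
 * tainted: on FreeBSD pass issetugid(); a parameter here so it runs anywhere.
 * Returns 0 if untainted or every listed variable is gone, -1 otherwise.
 */
int scrub_dangerous_env(int tainted)
{
    int rc = 0;
    if (!tainted)
        return 0;
    for (const char *const *v = dangerous_vars; *v != NULL; v++)
        if (unsetenv(*v) != 0 || env_count(*v) != 0)
            rc = -1;   /* removal failed or an entry survived */
    return rc;
}

int main(void)
{
    setenv("LD_PRELOAD", "/constructed/lib.so", 1);  /* constructed value */
    if (scrub_dangerous_env(1) != 0) {
        fprintf(stderr, "environment not clean, refusing to continue\n");
        return 1;                                     /* fail closed */
    }
    printf("LD_PRELOAD entries left: %d\n", env_count("LD_PRELOAD"));
    return 0;
}
```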